Machete Analysis

IOB - Indicator of Behavior (47)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en42
es4
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

ca6
us6
ru4
es4
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Machete5
Donot1
DPRK1
Mirai1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined6
Content Management System6
Operating System4
Programming Language Software4
Multimedia Player Software4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Oracle6
Not Defined6
Apple4
Adobe4
Google2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Oracle Java SE4
Adobe Flash Player4
Apple Mac OS X2
phpBB2
Google Chrome2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1WordPress Access Restriction user-new.php access control7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.01232CVE-2017-17091
2Apple iOS/iPadOS Kernel information disclosure3.33.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.010.05132CVE-2020-27950
3vBulletin visitormessage.php code injection7.57.4$0-$5k$0-$5kHighUnavailable0.110.05164CVE-2014-9463
4phpBB startup.php cross site scripting4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.030.01408CVE-2015-1431
5Google Chrome Extensions use after free7.57.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.030.17381CVE-2022-4177
6Google Chrome Forms use after free7.57.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.020.17381CVE-2022-4181
7Bitrix Site Manager Vote Module Remote Code Execution7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.020.01156CVE-2022-27228
8Joomla CMS sql injection7.37.0$5k-$25k$0-$5kHighOfficial Fix0.040.93264CVE-2015-7297
9Oracle Java JRE/SE Sandbox privileges management8.17.7$25k-$100k$0-$5kProof-of-ConceptUnavailable0.000.00000
10ZyXEL P660HN-T v1 ViewLog.asp command injection7.36.4$5k-$25k$0-$5kProof-of-ConceptWorkaround0.000.00000
11IBM WebSphere Application Server Admin Console resource consumption6.56.5$5k-$25k$5k-$25kNot DefinedNot Defined0.010.01061CVE-2019-4080
12SunHater KCFinder upload.php cross site scripting5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.050.01055CVE-2019-14315
13Google Chrome UI buffer overflow7.57.2$25k-$100k$5k-$25kNot DefinedOfficial Fix0.010.01055CVE-2020-16010
14MantisBT Attachment file_download.php information disclosure4.84.7$0-$5k$0-$5kNot DefinedOfficial Fix0.010.01232CVE-2015-5059
15Microsoft Windows JET Database Engine memory corruption6.86.5$25k-$100k$5k-$25kNot DefinedOfficial Fix0.090.39320CVE-2017-8718
16Backup / Restore Module Configuration Screen cross site scripting3.63.6$0-$5k$0-$5kNot DefinedNot Defined0.030.00885CVE-2019-19615
17Apple Mac OS X Hypervisor memory corruption8.87.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.670.01832CVE-2015-7078
18Microsoft Windows Remote Access Connection Manager Service information disclosure3.33.3$25k-$100k$5k-$25kNot DefinedWorkaround0.030.00000
19ESMI PayPal Storefront products1h.php cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.020.06790CVE-2005-0936
20Userscape HelpSpot Reflected cross site scripting5.24.9$0-$5k$0-$5kNot DefinedOfficial Fix0.050.00954CVE-2017-16755

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
131.207.44.72MacheteverifiedHigh
269.64.43.33falcon207.startdedicated.comMacheteverifiedHigh
3XXX.XX.XXX.XXxxx-xx-xxx-xx.xxx.xxxx.xxXxxxxxxverifiedHigh
4XXX.XX.XXX.XXXxxxxx.xx-xxx-xx-xxx.xxxXxxxxxxverifiedHigh
5XXX.XX.XXX.XXXxxxxxxverifiedHigh
6XXX.XX.X.XXXxxxxx.xx-xxx-xx-x.xxxXxxxxxxverifiedHigh
7XXX.X.X.XXXxxxxxx.xxx.x.x.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxxxverifiedHigh
8XXX.XXX.XXX.XXXxxxxxxverifiedHigh
9XXX.XX.XX.XXXxx-xxxxx-xxxx.xxxxxxxxxx.xxxXxxxxxxverifiedHigh
10XXX.XXX.XXX.XXXxxxx.xxxxxxxxxxxxx.xxxxXxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1055CWE-74InjectionpredictiveHigh
2T1059CWE-94Cross Site ScriptingpredictiveHigh
3TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
7TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/config.php?display=backuppredictiveHigh
2File/proc/self/cwdpredictiveHigh
3Filefile_download.phppredictiveHigh
4Filexxxxxxxx/xxxxxxx.xxxpredictiveHigh
5Filexxxxx.xxxpredictiveMedium
6Filexxxxx.xxx?xx=xxxxxxxxxpredictiveHigh
7Filexxxxxxxxxx.xxxpredictiveHigh
8Filexxxxxx.xxxpredictiveMedium
9Filexxxxxxx.xxxpredictiveMedium
10Filexxxxxxxxxxxxxx.xxxpredictiveHigh
11Filexx-xxxxx/xxxx-xxx.xxxpredictiveHigh
12Libraryxxxxxxxx-xx.xxxpredictiveHigh
13Libraryxxx xxxxxxxxxxpredictiveHigh
14ArgumentxxxxpredictiveLow
15ArgumentxxxxxxxxxxxxxxxpredictiveHigh
16Argumentxxxx_xxpredictiveLow
17ArgumentxxpredictiveLow
18Argumentxxxxxx_xxxxpredictiveMedium
19Input Value%xxxxxx+-x+x+xx.x.xx.xxx%xx%xxpredictiveHigh

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!